1. A dynamic baseline configuration method for terminal equipment, applied to a zero trust gateway, characterized by including the following steps:
Receive the access request from the terminal device to the target application;
Confirm the risk level of the terminal device according to the access request;
Match and generate a basic baseline detection strategy according to the risk level of the terminal device. The basic baseline detection strategy includes a basic environment detection strategy and a basic security patch detection strategy;
Send the basic baseline detection strategy to the terminal device, so that the terminal device performs basic baseline detection;
Receive the basic baseline detection report of the terminal device;
Confirm the trust level of the terminal device according to the access request of the terminal device and the basic baseline detection report.
2. The dynamic baseline configuration method of terminal equipment according to claim 1, characterized in that the method further includes:
Generate a dynamic baseline detection strategy according to the access request of the terminal device and the basic baseline detection report. The dynamic baseline detection strategy includes a dynamic environment detection strategy and a dynamic behavior detection strategy of the terminal device, and the dynamic environment detection strategy has fewer detection items than the basic baseline detection strategy;
Send the dynamic baseline detection strategy to the terminal device, so that the terminal device performs dynamic baseline detection according to the dynamic baseline detection strategy;
Receive and monitor the dynamic baseline detection report sent by the terminal device.
3. The dynamic baseline configuration method of terminal equipment according to claim 2, characterized in that the method further includes:
Update the dynamic baseline detection log corresponding to the terminal device according to a plurality of the dynamic baseline detection reports;
Update the trust level of the terminal device according to the dynamic baseline detection log.
4. The dynamic baseline configuration method of terminal equipment according to claim 3, characterized in that the method further includes:
Generate an updated dynamic baseline detection strategy based on the dynamic baseline detection log and the trust level;
Send the updated dynamic baseline detection strategy to the terminal device.
5. The dynamic baseline configuration method of terminal equipment according to any one of claims 2 to 4, characterized in that the dynamic baseline detection strategy further includes a first detection trigger condition and a second detection trigger condition, the first detection trigger condition is used to trigger execution of the basic baseline detection, and the second detection trigger condition is used to trigger execution of the dynamic baseline detection.
6. A dynamic baseline configuration method for terminal equipment, applied to terminal equipment, characterized by including the following steps:
Send an access request to the zero trust gateway of the target application, so that the zero trust gateway confirms the risk level of the terminal device according to the access request, and matches and generates a basic baseline detection strategy according to the risk level of the terminal device;
Receive a basic baseline detection strategy, which includes a basic environment detection strategy and a basic security patch detection strategy;
According to the basic baseline detection strategy, perform basic baseline detection and generate a basic baseline detection report;
Send the basic baseline detection report to the zero trust gateway, so that the zero trust gateway confirms the trust level of the terminal device according to the access request of the terminal device and the basic baseline detection report.
7. The dynamic baseline configuration method of terminal equipment according to claim 6, characterized in that the method further includes:
Receive a dynamic baseline detection strategy sent by the zero trust gateway. The dynamic baseline detection strategy is generated from the access request of the terminal device and the basic baseline detection report. The dynamic baseline detection strategy includes a dynamic environment detection strategy and a dynamic behavior detection strategy of the terminal device, and the dynamic environment detection strategy has fewer detection items than the basic baseline detection strategy;
Perform dynamic baseline detection according to the dynamic baseline detection strategy;
Send a dynamic baseline detection report to the zero trust gateway, so that the zero trust gateway updates the dynamic baseline detection log corresponding to the terminal device according to a plurality of the dynamic baseline detection reports, and updates the trust level of the terminal device based on the dynamic baseline detection log.
8. The dynamic baseline configuration method of terminal equipment according to claim 7, characterized in that the method further includes:
Receive an updated dynamic baseline detection strategy, which is generated as an update by the zero trust gateway based on the dynamic baseline detection log and the trust level.
9. The dynamic baseline configuration method of terminal equipment according to claim 7, characterized in that the dynamic baseline detection strategy further includes a first detection trigger condition and a second detection trigger condition, the first detection trigger condition is used to trigger execution of the basic baseline detection, and the second detection trigger condition is used to trigger execution of the dynamic baseline detection.
10. A dynamic baseline configuration system for terminal equipment, characterized by including:
A zero trust gateway and terminal equipment, wherein the zero trust gateway performs the dynamic baseline configuration method of terminal equipment as described in any one of claims 1 to 5, and the terminal equipment performs the dynamic baseline configuration method of terminal equipment as described in any one of claims 6 to 9.
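
The gateway-side flow of claims 1 to 5, as an added Python example that is not code from the patent. The check names, risk and trust levels, thresholds and trigger values are all assumptions, since the claims specify none of them; the terminal's reports are constructed dictionaries of the form `{item: passed}`.

```python
# All check names, levels and thresholds are hypothetical; the claims fix none of them.
BASIC = {
    "low":  {"env": ["os_version", "disk_encryption", "firewall"], "patch": ["critical_patches"]},
    "high": {"env": ["os_version", "disk_encryption", "firewall", "av_running"],
             "patch": ["critical_patches", "browser_patches"]},
}
VOLATILE_ENV = {"firewall", "av_running"}  # env items that can change mid-session
LEVELS = ["low", "medium", "high"]

def risk_level(request):
    """Claim 1: derive the device risk level from the access request alone."""
    risky = request["network"] == "public" or request["app_sensitivity"] == "high"
    return "high" if risky else "low"

def basic_policy(risk):
    return {kind: list(items) for kind, items in BASIC[risk].items()}

def trust_level(request, report):
    """Claim 1: trust from the access request plus the basic baseline report."""
    if not all(report.values()):
        return "low"
    return "medium" if risk_level(request) == "high" else "high"

def dynamic_policy(request, report, trust="high", interval_s=300):
    """Claims 2 and 5: fewer env items, behaviour checks, two trigger conditions."""
    env = [item for item in report if item in VOLATILE_ENV]  # subset of basic items
    behaviour = ["bulk_download"] + (["new_process"] if request["app_sensitivity"] == "high" else [])
    if trust == "low":
        interval_s //= 5  # re-check low-trust devices more often
    return {"env": env, "behaviour": behaviour,
            "first_trigger": {"on": "reboot_or_patch_change", "run": "basic"},
            "second_trigger": {"every_s": interval_s, "run": "dynamic"}}

def update_trust(current, log, window=3):
    """Claim 3: step trust down if a recent report failed, up after a clean full window."""
    recent = log[-window:]
    failed = any(not all(r.values()) for r in recent)
    step = -1 if failed else (1 if len(recent) == window else 0)
    return LEVELS[max(0, min(LEVELS.index(current) + step, len(LEVELS) - 1))]

def session(request, basic_report, dynamic_reports):
    """Run the gateway side end to end over constructed terminal reports."""
    trust = trust_level(request, basic_report)
    policy, log = dynamic_policy(request, basic_report, trust), []
    for report in dynamic_reports:
        log.append(report)                # claim 3: update the detection log
        trust = update_trust(trust, log)  # claim 3: update the trust level from the log
        policy = dynamic_policy(request, basic_report, trust)  # claim 4: reissue policy
    return trust, policy
```

Here the reissued policy of claim 4 changes only the dynamic check interval, driven by the trust level that was itself derived from the log.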